[Snort-sigs] SID 793
alexander.s at ...1565...
Mon Jun 9 14:53:10 EDT 2003
VIRUS OUTBOUND .vbs file attachment
An email message was sent that may contain a virus.
Possible system compromise or denial of service to the receiving system
This signature looks for an email message that is sent with a file
attachment whose name ends in ".vbs". VBS files are visual basic
scripts and can contain malcious code such as worms, viruses or trojans.
Worms/viruses are usually sent by hosts that are already infected.
Ease of Attack:
Use anti-virus software. If possible, configure your email server to
block attachments with extensions such as ".vbs", ".exe", and ".com".
Documentation - Steven Alexander<alexander.s at ...1565...>
More information about the Snort-sigs